Internet security experts have long known that simple passwords do not fully defend online bank accounts from determined fraud artists. Now a study suggests that a popular secondary security measure provides little additional protection.

The study, produced jointly by researchers at Harvard and the Massachusetts Institute of Technology, looked at a technology called site-authentication images. In the system, currently used by financial institutions like Bank of America, ING Direct and Vanguard, online banking customers are asked to select an image, like a dog or chess piece, that they will see every time they log in to their account.